mozilla
/
addons-linter
зеркало из https://github.com/mozilla/addons-linter.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Run markdown-spellcheck against README and docs

This commit is contained in:
Peter deHaan 2018-10-16 15:36:09 -07:00
Родитель a021f7a7b7
Коммит c5ff023aeb
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 23BB6335A894F873
4 изменённых файлов: 104 добавлений и 62 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

42
.spelling Normal file
Просмотреть файл

@ -0,0 +1,42 @@
_or_
1.x
addon-linter
addons-linter
addons.mozilla.org
amo-validator
AngularJS
content_security_policy
default_locale
eg
env
ESLint
FLUENT_INVALID
fluent.js
jQuery
js
json
langpack
Linter
linter
manifest_json
manifest_version
manifest.json
messages.json
Node.js
npm
nvm
openDialog
opensearch
pino
semver
Sinon
standalone
strict_max_version
TravisCI
truthy
unadvised
unsafe-eval
unsanitized
update_url
v8
WebExtensions

24
README.md
Просмотреть файл

@ -12,7 +12,7 @@ You can find more information about the linter and it's implemented rules in our
### Command Line ### Command Line
You need node.js to use the add-ons linter. You need Node.js to use the add-ons linter.
To validate your add-on locally, install the linter from [npm](http://nodejs.org/): To validate your add-on locally, install the linter from [npm](http://nodejs.org/):
@ -99,11 +99,11 @@ linter.run()
## Development ## Development
If you'd like to help us develop the addons-linter, that's great! It's pretty easy to get started, you just need node.js installed on your machine. If you'd like to help us develop the addons-linter, that's great! It's pretty easy to get started, you just need Node.js installed on your machine.
### Quick Start ### Quick Start
If you have node.js installed, here's the quick start to getting your development dependencies installed and running the tests If you have Node.js installed, here's the quick start to getting your development dependencies installed and running the tests
```sh ```sh
git clone https://github.com/mozilla/addons-linter.git git clone https://github.com/mozilla/addons-linter.git
@ -123,11 +123,11 @@ npm run build
bin/addons-linter my-addon.zip bin/addons-linter my-addon.zip
``` ```
### Required node version ### Required Node version
addons-linter requires node.js v8 or greater. Have a look at our `.travis.yml` file which node.js versions we officially test. addons-linter requires Node.js v8 or greater. Have a look at our `.travis.yml` file which Node.js versions we officially test.
Using nvm is probably the easiest way to manage multiple node versions side by side. See [nvm on github](https://github.com/creationix/nvm) for more details. Using nvm is probably the easiest way to manage multiple Node versions side by side. See [nvm on GitHub](https://github.com/creationix/nvm) for more details.
### Install dependencies ### Install dependencies
@ -147,11 +147,11 @@ Dependencies are automatically kept up-to-date using [greenkeeper](http://greenk
| npm [run] build | Builds the lib (used by Travis) | | npm [run] build | Builds the lib (used by Travis) |
| npm run test-coverage | Runs the tests with coverage (watches for changes) | | npm run test-coverage | Runs the tests with coverage (watches for changes) |
| npm run test-once | Runs the tests once | | npm run test-once | Runs the tests once |
| npm run lint | Runs eslint | | npm run lint | Runs ESLint |
| npm run test-coverage-once | Runs the tests once with coverage | | npm run test-coverage-once | Runs the tests once with coverage |
| npm run test-integration-linter | Runs our integration test-suite | | npm run test-integration-linter | Runs our integration test-suite |
| npm run prettier | Automatically format the whole code-base with Prettier | | npm run prettier | Automatically format the whole code-base with Prettier |
| npm run prettier-dev | Automatically compare and format modified source files against the master branch | | npm run prettier-dev | Automatically compare and format modified source files against the master branch |
### Building ### Building
@ -169,7 +169,7 @@ We're looking to maintain coverage at 100%. Use the coverage data in the test ou
#### Assertions and testing APIs #### Assertions and testing APIs
We are using using sinon for assertions, mocks, stubs and more [see the Sinon docs for the API available](http://sinonjs.org/). We are using using Sinon for assertions, mocks, stubs and more [see the Sinon docs for the API available](http://sinonjs.org/).
[Jest](https://facebook.github.io/jest/) is being used as a test-runner but also provides helpful tools. Please make sure you read their documentation for more details. [Jest](https://facebook.github.io/jest/) is being used as a test-runner but also provides helpful tools. Please make sure you read their documentation for more details.
@ -179,7 +179,7 @@ We use [pino](https://github.com/pinojs/pino) for logging:
- By default logging is off (level is set to 'fatal') . - By default logging is off (level is set to 'fatal') .
- Logging in tests can be enabled using an env var e.g: `LOG_LEVEL=debug jest test` - Logging in tests can be enabled using an env var e.g: `LOG_LEVEL=debug jest test`
- Logging on the cli can be enabled with `--log-level [level]`. - Logging on the CLI can be enabled with `--log-level [level]`.
### Prettier ### Prettier
@ -189,11 +189,11 @@ We use [Prettier](https://prettier.io/) to automatically format our JavaScript c
In a nutshell the way the linter works is to take an add-on package, extract the metadata from the xpi (zip) format and then process the files it finds through various content scanners. In a nutshell the way the linter works is to take an add-on package, extract the metadata from the xpi (zip) format and then process the files it finds through various content scanners.
We are heavily relying on [Eslint](https://eslint.org/) for JavaScript linting, [cheerio](https://github.com/cheeriojs/cheerio) for HTML parsing as well as [fluent.js](https://github.com/projectfluent/fluent.js) for parsing language packs. We are heavily relying on [ESLint](https://eslint.org/) for JavaScript linting, [cheerio](https://github.com/cheeriojs/cheerio) for HTML parsing as well as [fluent.js](https://github.com/projectfluent/fluent.js) for parsing language packs.
### Scanners ### Scanners
Each file-type has a scanner. For example: CSS files use `CSSScanner`; Javascript files use `JavaScriptScanner`. Each scanner looks at relevant files and passes each file through a parser which then hands off to a set of rules that look for specific things. Each file-type has a scanner. For example: CSS files use `CSSScanner`; JavaScript files use `JavaScriptScanner`. Each scanner looks at relevant files and passes each file through a parser which then hands off to a set of rules that look for specific things.
### Rules ### Rules

90
docs/rules.md
Просмотреть файл

@ -1,6 +1,6 @@
# Linter Rules # Linter Rules
This document is automatically published on [github pages](http://mozilla.github.io/addons-linter/). To update it edit `docs/rules.md` in the [github repo](https://github.com/mozilla/addons-linter). This document is automatically published on [GitHub pages](http://mozilla.github.io/addons-linter/). To update it edit `docs/rules.md` in the [GitHub repo](https://github.com/mozilla/addons-linter).
Rules are sorted by severity. Rules are sorted by severity.
@ -9,75 +9,75 @@ Rules are sorted by severity.
| Message code | Severity | Description | | Message code | Severity | Description |
| ------------------------- | -------- | ---------------------------------------------------------------- | | ------------------------- | -------- | ---------------------------------------------------------------- |
| `KNOWN_LIBRARY` | notice | This is version of a JS library is known and generally accepted. | | `KNOWN_LIBRARY` | notice | This is version of a JS library is known and generally accepted. |
| `OPENDIALOG_NONLIT_URI` | notice | openDialog called with non-literal parameter | | `OPENDIALOG_NONLIT_URI` | notice | openDialog called with non-literal parameter. |
| `EVENT_LISTENER_FOURTH` | notice | `addEventListener` called with truthy fourth argument | | `EVENT_LISTENER_FOURTH` | notice | `addEventListener` called with truthy fourth argument. |
| `UNEXPECTED_GLOGAL_ARG` | warning | Unexpected global passed as an argument | | `UNEXPECTED_GLOGAL_ARG` | warning | Unexpected global passed as an argument. |
| `NO_IMPLIED_EVAL` | warning | disallow the use of `eval()`-like methods | | `NO_IMPLIED_EVAL` | warning | disallow the use of `eval()`-like methods. |
| `OPENDIALOG_REMOTE_URI` | warning | openDialog called with non-local URI | | `OPENDIALOG_REMOTE_URI` | warning | openDialog called with non-local URI. |
| `NO_DOCUMENT_WRITE` | warning | Use of `document.write` strongly discouraged. | | `NO_DOCUMENT_WRITE` | warning | Use of `document.write` strongly discouraged. |
| `JS_SYNTAX_ERROR` | warning | JavaScript compile-time error | | `JS_SYNTAX_ERROR` | warning | JavaScript compile-time error. |
| `UNADVISED_LIBRARY` | warning | This version of a JS library is not recommended. | | `UNADVISED_LIBRARY` | warning | This version of a JS library is not recommended. |
| `TABS_GETSELECTED` | warning | Deprecated API tabs.getSelected | | `TABS_GETSELECTED` | warning | Deprecated API `tabs.getSelected`. |
| `TABS_SENDREQUEST` | warning | Deprecated API tabs.sendRequest | | `TABS_SENDREQUEST` | warning | Deprecated API `tabs.sendRequest`. |
| `TABS_GETALLINWINDOW` | warning | Deprecated API tabs.getAllInWindow | | `TABS_GETALLINWINDOW` | warning | Deprecated API `tabs.getAllInWindow`. |
| `TABS_ONSELECTIONCHANGED` | warning | Deprecated API tabs.onSelectionChanged | | `TABS_ONSELECTIONCHANGED` | warning | Deprecated API `tabs.onSelectionChanged`. |
| `TABS_ONACTIVECHANGED` | warning | Deprecated API tabs.onActiveChanged | | `TABS_ONACTIVECHANGED` | warning | Deprecated API `tabs.onActiveChanged`. |
| `EXT_SENDREQUEST` | warning | Deprecated API extension.sendRequest | | `EXT_SENDREQUEST` | warning | Deprecated API `extension.sendRequest`. |
| `EXT_ONREQUESTEXTERNAL` | warning | Deprecated API extension.onRequestExternal | | `EXT_ONREQUESTEXTERNAL` | warning | Deprecated API `extension.onRequestExternal`. |
| `EXT_ONREQUEST` | warning | Deprecated API extension.onRequest | | `EXT_ONREQUEST` | warning | Deprecated API `extension.onRequest`. |
| `APP_GETDETAILS` | warning | Deprecated API app.getDetails | | `APP_GETDETAILS` | warning | Deprecated API `app.getDetails`. |
| `STORAGE_LOCAL` | warning | Temporary IDs can cause issues with storage.local | | `STORAGE_LOCAL` | warning | Temporary IDs can cause issues with `storage.local`. |
| `STORAGE_SYNC` | warning | Temporary IDs can cause issues with storage.sync | | `STORAGE_SYNC` | warning | Temporary IDs can cause issues with `storage.sync`. |
| `IDENTITY_GETREDIRECTURL` | warning | Temporary IDs can cause issues with identity.getRedirectURL | | `IDENTITY_GETREDIRECTURL` | warning | Temporary IDs can cause issues with `identity.getRedirectURL`. |
| `BANNED_LIBRARY` | error | This version of a JS library is banned for security reasons. | | `BANNED_LIBRARY` | error | This version of a JS library is banned for security reasons. |
## Markup ## Markup
### CSS ### CSS
| Message code | Severity | Description | | Message code | Severity | Description |
| -------------------------- | -------- | ---------------------------------- | | -------------------------- | -------- | ----------------------------------- |
| `CSS_SYNTAX_ERROR` | error | A CSS syntax error was detected | | `CSS_SYNTAX_ERROR` | error | A CSS syntax error was detected. |
| `INVALID_SELECTOR_NESTING` | error | CSS selectors should not be nested | | `INVALID_SELECTOR_NESTING` | error | CSS selectors should not be nested. |
### HTML ### HTML
| Message code | Severity | Description | | Message code | Severity | Description |
| --------------- | -------- | ----------------------------------------------------- | | --------------- | -------- | ------------------------------------------------------ |
| `INLINE_SCRIPT` | warning | Inline script is disallowed by CSP | | `INLINE_SCRIPT` | warning | Inline script is disallowed by CSP. |
| `REMOTE_SCRIPT` | warning | Remote scripts are not allowed as per Add-on Policies | | `REMOTE_SCRIPT` | warning | Remote scripts are not allowed as per Add-on Policies. |
## Content ## Content
| Message code | Severity | Description | | Message code | Severity | Description |
| -------------- | -------- | ---------------------- | | -------------- | -------- | ---------------------- |
| `HIDDEN_FILE` | warning | Hidden file flagged | | `HIDDEN_FILE` | warning | Hidden file flagged. |
| `FLAGGED_FILE` | warning | Flagged filename found | | `FLAGGED_FILE` | warning | Flagged filename found. |
## Package layout ## Package layout
| Message code | Severity | Description | | Message code | Severity | Description |
| -------------------------- | -------- | -------------------------------------------------- | | -------------------------- | -------- | --------------------------------------------------- |
| `MOZILLA_COND_OF_USE` | notice | Mozilla conditions of use violation | | `MOZILLA_COND_OF_USE` | notice | Mozilla conditions of use violation. |
| `FLAGGED_FILE_TYPE` | notice | (Binary) Flagged file type found | | `FLAGGED_FILE_TYPE` | notice | (Binary) Flagged file type found. |
| `FLAGGED_FILE_EXTENSION` | warning | Flagged file extensions found | | `FLAGGED_FILE_EXTENSION` | warning | Flagged file extensions found |
| `DUPLICATE_XPI_ENTRY` | warning | Package contains duplicate entries | | `DUPLICATE_XPI_ENTRY` | warning | Package contains duplicate entries |
| `ALREADY_SIGNED` | warning | Already signed | | `ALREADY_SIGNED` | warning | Already signed |
| `COINMINER_USAGE_DETECTED` | warning | Firefox add-ons are not allowed to run coin miners | | `COINMINER_USAGE_DETECTED` | warning | Firefox add-ons are not allowed to run coin miners. |
| `BAD_ZIPFILE` | error | Bad zip file | | `BAD_ZIPFILE` | error | Bad zip file |
| `FILE_TOO_LARGE` | error | File is too large to parse | | `FILE_TOO_LARGE` | error | File is too large to parse |
## Type detection ## Type detection
| Message code | Severity | Description | | Message code | Severity | Description |
| ----------------------- | -------- | ----------------------------------------------- | | ----------------------- | -------- | ------------------------------------------------ |
| `TYPE_NO_MANIFEST_JSON` | notice | Add-on missing manifest_json for type detection | | `TYPE_NO_MANIFEST_JSON` | notice | Add-on missing manifest_json for type detection. |
## Language packs ## Language packs
| Message code | Severity | Description | | Message code | Severity | Description |
| -------------- | -------- | ---------------------------- | | -------------- | -------- | --------------------------- |
| FLUENT_INVALID | warning | Invalid fluent template file | | FLUENT_INVALID | warning | Invalid fluent template file. |
## Web Extensions / manifest.json ## Web Extensions / manifest.json

10
docs/types.md
Просмотреть файл

@ -1,6 +1,6 @@
# Add-on Type Support [DRAFT] # Add-on Type Support [DRAFT]
Going forward the amo-validator will continue to be the linter for legacy addo-ns. This document lists what types of addons the addon-linter will support and provides somde details as to the scope of the features needed. Going forward the amo-validator will continue to be the linter for legacy add-ons. This document lists what types of add-ons the addon-linter will support and provides some details as to the scope of the features needed.
- Web Extensions - Web Extensions
- Dictionaries - Dictionaries
@ -11,10 +11,10 @@ Going forward the amo-validator will continue to be the linter for legacy addo-n
Required features for linting: Required features for linting:
- Validation of the `manifest.json`. Swtich to JSON scheme for this. - Validation of the `manifest.json`. Switch to JSON scheme for this.
- Look into rules for to guard against inadvertent privilege escalation holes. This type of issue would come from a site exploiting an extension. - Look into rules for to guard against inadvertent privilege escalation holes. This type of issue would come from a site exploiting an extension.
- js validation of content scripts (Rules need TBD) - js validation of content scripts (Rules need TBD)
- Flag un-approved libs based on file name that match libs - Flag unapproved libs based on file name that match libs
- Skip JS linting on libs that match the approved list. - Skip JS linting on libs that match the approved list.
- Rules for specific APIs. - Rules for specific APIs.
@ -39,10 +39,10 @@ Docs: https://developer.mozilla.org/docs/Creating_a_spell_check_dictionary_add-o
Docs appear to be a bit thin on the ground for these. They need looking into further and we should look at the existing rules. Docs appear to be a bit thin on the ground for these. They need looking into further and we should look at the existing rules.
## Search Addons ## Search Add-ons
What's needed? What's needed?
- Validation of the opensearch xml - Validation of the opensearch XML
Old code is here https://github.com/mozilla/amo-validator/blob/master/validator/opensearch.py Old code is here https://github.com/mozilla/amo-validator/blob/master/validator/opensearch.py